Overview
overview
10Static
static
10Content.Wa...ty.dll
windows7-x64
1Content.Wa...ty.dll
windows10-2004-x64
1Content.Wa...er.dll
windows7-x64
1Content.Wa...er.dll
windows10-2004-x64
1Content.Wa...me.dll
windows7-x64
1Content.Wa...me.dll
windows10-2004-x64
1Content.Wa...me.dll
windows7-x64
1Content.Wa...me.dll
windows10-2004-x64
1Content.Wa...et.dll
windows7-x64
1Content.Wa...et.dll
windows10-2004-x64
1Content.Wa...ib.dll
windows7-x64
1Content.Wa...ib.dll
windows10-2004-x64
1Content.Wa...rd.dll
windows7-x64
1Content.Wa...rd.dll
windows10-2004-x64
1Content.Wa...ld.dll
windows7-x64
1Content.Wa...ld.dll
windows10-2004-x64
1Content.Wa...me.dll
windows7-x64
1Content.Wa...me.dll
windows10-2004-x64
1Content.Wa...rp.dll
windows7-x64
1Content.Wa...rp.dll
windows10-2004-x64
1Content.Wa...In.dll
windows7-x64
1Content.Wa...In.dll
windows10-2004-x64
1Content.Wa...on.dll
windows7-x64
1Content.Wa...on.dll
windows10-2004-x64
1Content.Wa...dk.dll
windows7-x64
1Content.Wa...dk.dll
windows10-2004-x64
1Content.Wa...ed.dll
windows7-x64
1Content.Wa...ed.dll
windows10-2004-x64
1Content.Wa...pv.dll
windows7-x64
1Content.Wa...pv.dll
windows10-2004-x64
1Content.Wa...on.dll
windows7-x64
1Content.Wa...on.dll
windows10-2004-x64
1Analysis
-
max time kernel
117s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
12-04-2024 22:21
Behavioral task
behavioral1
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.PhotonUtility.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.PhotonUtility.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.Recorder.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.Recorder.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.Settings.Runtime.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.Settings.Runtime.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.UI.Runtime.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.UI.Runtime.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/com.rlabrecque.steamworks.net.dll
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral10
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/com.rlabrecque.steamworks.net.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/mscorlib.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/mscorlib.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/netstandard.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/netstandard.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/pworld.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral16
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/pworld.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/sc.posteffects.runtime.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/sc.posteffects.runtime.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/websocket-sharp.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/websocket-sharp.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/AudioIn.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/AudioIn.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/audioplugin_phonon.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/audioplugin_phonon.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/discord_game_sdk.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/discord_game_sdk.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/lib_burst_generated.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral28
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/lib_burst_generated.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/opus_egpv.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/opus_egpv.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/phonon.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/phonon.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/lib_burst_generated.dll
-
Size
416KB
-
MD5
7bce8a849a919e69a75de79d4ab30057
-
SHA1
c4f0ad92bec89704384c61c7d8adb45aa7a7d026
-
SHA256
fef0cd4f4c673f61d80adf00c89456fad03f8bb60fd88c9445566a4c92f4eea1
-
SHA512
76141aafd0c9115bab71dc02ba96d899deb0172683165607a82075fd819e002fa2935a0616f8c58993a57f25a90b7db5c0daf1134b4ad3d5fb5bd765af6b1d2b
-
SSDEEP
6144:oXC7n1NAENlp6yGvvNNVyrm3oZg8pCrrKsnnz1Y+Jv+scqzY30t8W0iD:uI1BNT6FNNU63eg8QrmGvg3DW0i
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1652 wrote to memory of 320 1652 rundll32.exe 28 PID 1652 wrote to memory of 320 1652 rundll32.exe 28 PID 1652 wrote to memory of 320 1652 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Content.Warning.v1.9.b-0xdeadc0de\Content Warning_Data\Plugins\x86_64\lib_burst_generated.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:1652 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1652 -s 802⤵PID:320
-